Signed-off-by: Willy Santos <[email protected]> --- .../accounts_passwords_pam_faillock_deny.xml | 50 ++++++++++++++++++++ 1 files changed, 50 insertions(+), 0 deletions(-) create mode 100644 RHEL6/input/checks/accounts_passwords_pam_faillock_deny.xml
diff --git a/RHEL6/input/checks/accounts_passwords_pam_faillock_deny.xml b/RHEL6/input/checks/accounts_passwords_pam_faillock_deny.xml
new file mode 100644
index 0000000..ee594ff
--- /dev/null
+++ b/RHEL6/input/checks/accounts_passwords_pam_faillock_deny.xml
@@ -0,0 +1,50 @@
+<def-group>
+ <definition class="compliance" id="accounts_passwords_pam_faillock_deny" version="1">
+ <metadata>
+ <title>Lock out account after failed login attempts</title>
+ <affected family="unix">
+ <platform>Red Hat Enterprise Linux 6</platform>
+ </affected>
+ <reference ref_id="TODO" source="CCE" />
+ <description>The number of allowed failed logins should be set correctly.</description>
+ </metadata>
+ <criteria>
+ <criterion comment="default is set to 5" test_ref="test_accounts_passwords_pam_faillock_deny_system-auth" />
+ <criterion comment="default is set to 5" test_ref="test_accounts_passwords_pam_faillock_deny_password-auth" />
+ </criteria>
+ </definition>
+
+ <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check maximum failed login attempts allowed in /etc/pam.d/system-auth" id="test_accounts_passwords_pam_faillock_deny_system-auth" version="1">
+ <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_system-auth" />
+ <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_system-auth" />
+ </ind:textfilecontent54_test>
+
+ <ind:textfilecontent54_test check="all" check_existence="all_exist" comment="check maximum failed login attempts allowed in /etc/pam.d/password-auth" id="test_accounts_passwords_pam_faillock_deny_password-auth" version="1">
+ <ind:object object_ref="object_accounts_passwords_pam_faillock_deny_password-auth" />
+ <ind:state state_ref="state_accounts_passwords_pam_faillock_deny_password-auth" />
+ </ind:textfilecontent54_test>
+
+ <ind:textfilecontent54_object id="object_accounts_passwords_pam_faillock_deny_system-auth" version="1">
+ <ind:path>/etc/pam.d</ind:path>
+ <ind:filename>system-auth</ind:filename>
+ <ind:pattern operation="pattern match">^\s*auth\s+(?:(?:required))\s+pam_faillock\.so.*deny=([0-9]*).*$</ind:pattern>
+ <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
+ </ind:textfilecontent54_object>
+
+ <ind:textfilecontent54_object id="object_accounts_passwords_pam_faillock_deny_password-auth" version="1">
+ <ind:path>/etc/pam.d</ind:path>
+ <ind:filename>password-auth</ind:filename>
+ <ind:pattern operation="pattern match">^\s*auth\s+(?:(?:sufficient)|(?:\[default=die\]))\s+pam_faillock\.so.*deny=([0-9]*).*$</ind:pattern>
+ <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
+ </ind:textfilecontent54_object>
+
+ <ind:textfilecontent54_state id="state_accounts_passwords_pam_faillock_deny_system-auth" version="1">
+ <ind:subexpression datatype="int" operation="equals" var_ref="var_accounts_passwords_pam_faillock_deny" />
+ </ind:textfilecontent54_state>
+
+ <ind:textfilecontent54_state id="state_accounts_passwords_pam_faillock_deny_password-auth" version="1">
+ <ind:subexpression datatype="int" operation="equals" var_ref="var_accounts_passwords_pam_faillock_deny" />
+ </ind:textfilecontent54_state>
+
+ <external_variable comment="number of failed login attempts allowed" datatype="int" id="var_accounts_passwords_pam_faillock_deny" version="1" />
+</def-group>
-- 
1.7.7.6
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
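Review bot: Both `ind:pattern` elements capture the deny value with `deny=([0-9]*)`, so a line where `deny=` is followed by nothing or a non-digit still matches and hands an empty subexpression to the `datatype="int"` state, which surfaces as an evaluation error rather than a clean fail; `deny=([0-9]+)` in both patterns restricts the match to lines that actually carry a numeric value. The two objects also accept different control fields — `required` for system-auth but `sufficient` or `[default=die]` for password-auth — which looks unintentional given that the definition treats the two files symmetrically; if so, the alternation should be the same in both patterns, otherwise a comment on each object should say why they differ. The `operation="equals"` comparison in both states treats a stricter (lower) deny value as non-compliant, which may be intended but deserves a comment on the `external_variable` stating that the value is an exact requirement rather than a ceiling. The `ref_id="TODO"` CCE reference should be filled in before the check ships.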
